Identity management is reaching a tipping point. In 2022, we commissioned a survey of over 1,000 top IT security professionals for our 2022 Identity and Security Survey. This exploration into the state of the identity security market revealed that:
- More than 89% of respondents have been impacted by an identity-based attack within the last 12 months
- 96% utilize multiple tools for their identity management
- 70% believe they’re not even actively using all the tools they’re paying for
These results point to an under-funded, overworked identity and security management workforce. We just had to know if our customers, prospects and partners had/are experienced/ing the same thing. So, we put together a survey for the attendees of our annual user and partner conference, Resilience 2022 (now known as One Identity UNITE), with the goal of gaining a deeper, more nuanced understanding of how the current state of identity management and security is impacting their teams, and what steps could be taken to remediate their issues. Here’s what we found.
Password resharing remains the key security threat for 31% of respondents
Much to the disdain of the security industry, passwords remain a key issue for the customers and partners we surveyed at our conference. However, it is by no means the only issue. An additional 20% of respondents indicated that their biggest security threat is that ex-employees still have access to the organization’s systems and data. Another 20% are worried about ‘malicious or unintentional data breaches’ by employees.
The mental health of security teams is a key issue
The issue of burnout is one that is widely discussed in the security industry, and the customers we polled gave us tangible evidence that identity security teams are not exempt from this. The majority (63%) of respondents say that their security team is overworked. Another 22% don’t know if their teams are overworked or not. Only 15% said that their teams are currently able to manage their workload appropriately. Overworked identity security teams have the potential to cause, and exacerbate, a myriad of issues, including:
- Negative effects on the mental and physical health of the security teams
- Employees considering leaving the organization, leading to the difficulties replacing them
- The fact that it’s not easy for overworked people to complete their job function at a high standard, meaning the security team may actually become a security hazard
83% believe that complexity is holding them back from implementing the appropriate security controls
Using multiple identity management solutions and managing more identities than ever before is a problem for security teams, according to our partners. 65% of those surveyed believe that a unified identity security model could reduce identity management complexity. Furthermore, over 70% both understand and are implementing Zero Trust models at their organization.
Funding is the answer
The problem of overworked security teams is a complex one, but our customers and partners broadly identified a simple solution: better funding for their activities. 62% suggest that more staff and greater funding could make a serious difference when it comes to improving the mental health – and therefore, the resilience – of security teams. Another 29% suggest that a more technical approach (better integration of cybersecurity solutions) could also help. However, better integration requires resources.
Unified security approaches could keep your security teams well
While funding is a key solution to consider, another to keep in mind is strategy. Many respondents say that a radically different approach is needed to overcome the system of complexity and fragmentation that is currently dominating the identity management space. 58% of those surveyed believe a unified approach would help their team’s mental wellbeing. An even greater percentage (60%) say that a unified approach could, in turn, provide significant results for the entire company, since the mental wellbeing of the security team effects security at the company as a whole.
Conclusion: Fund and Unify
Security teams are the last line of defense for both internal security issues and external threat actors who might wish your organization harm. By unifying your approach to identity security and ensuring your teams are given the resources and support they need to do their job to the best of their abilities, you can send a message to these threat actors (and to your own organization) that you’re taking security as seriously as the teams you employ to undertake it.
